Defcon 26 – Cool and Interesting
If you are into security, there are few shows more fun and interesting than Defcon. Dating back to 1993, Defcon brings together one of the largest groups of hackers, feds, infosec pros, students and researchers who share knowledge, attend presentations and compete in various hacking contests. All was not perfect, as the show was spread across two venues in Las Vegas, Caesars and the Flamingo. There were also some challenges with the interplay of security and privacy in the wake of the October, 2017 mass shootings. However, even with those factors in consideration, all reports are that the show was a big success.
On to some of the interesting bits:
God Mode Unlocked – Christopher Domas
Chris Domas put together a really compelling story about his discovery of a hidden RISC co-processor embedded in an old Via C3 Nehemiah x86 CPU. This is an old (2003), relatively low power CPU used in industrial automation, healthcare devices, ATMs and other embedded applications as well as low cost desktop and laptop PCs. What was interesting here was the fact that what was in effect a hardware backdoor was exposed. While the exploit Domas describes, allowing ring0 access, is limited to a relatively low volume device from 2003, the fact that this weakness exists in one place implies it can likely be found elsewhere as well.
Ride Along Adventures – Critical Issues with Police Body Cameras – Josh Mitchell
We have recently seen, in the US in particular, heightened interest in policework and in particular the use of police violence. Body cameras have been touted as being a good way to deal with such concerns, either by showing a particular shoot is justified or by providing solid evidence that excessive force was used.
Some of the challenges with the deployment of these IoT devices include the ability of bad actors to “log in, view media, modify media [and] make changes to the file structures.”
Car Hacking Village
GRIMM was there with their Car Hacking Village and one thing was clear. Car hacking is a thing, it’s going to get worse and manufacturers are having a hard time keeping up. Already there are Arduino-based tools and with new cars being crashed every day, you can pick up the full tech stack for most cars down at the local junkyard. Two weeks time and about $2000 and you too can have your very own automotive hacking laboratory.
Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices – Dennis Giese
The Internet of Things, while bringing many reasons for joy and delight to the user, also presents a festering hellscape of vulnerabilities ripe for exploitation to hackers. Security researcher Dennis Giese presented his findings on Xiaomi devices including weak passwords, hardcoded passwords, web-based vulnerabilities and privilege escalation vulnerabilities. While this talk was on Xiaomi devices many of the general principals extend nicely to devices made by other makers. As IoT technology proliferates, one can expect security problems to do so as well until hardware makers adopt comprehensive security first cultures – a challenge in highly competitive environments where speed to market is key and a lengthy feature list easily captured in box labeling will in the eyes of most consumers trump obscure and hard to understand security enhancements.
Virtualization and its somewhat more efficient, more evolved cousin containerization have together enabled much of what we consider modern IT including cloud and SDx technologies. That said, they have also brought a number of challenge from a security front, some technical and some human/training related.
This talk covered areas useful to attacking, including the concept that once you have exploited any one particular containerized application, you are then in a good position to attack other containers. Also covered was the fact that while there are many things that can be done to better secure Docker containers, these things often go undone and can be readily found with common tools such as Metasploit.
These are some of the highlights of Defcon 26 reported by the Ixia Application and Threat Intelligence Team. Learn more about Ixia ATI Research Center.